i've had about 8 hours of work with openldap, ssl, libnss-ldap and libpam-ldap to build a fully-fledged, completely centralised auth environment for the linux lab at work, without having to upgrade the boxes to unstable or testing (that's the main rub, as stable's openldap does not have tls enabled... lots a minor and major niggling nasties) but i got it work eventually. the first system security lecture today did also work out well, but the lab tomorrow would benefit from me having another 48hrs to look for good things to show. bummer. dead-tired, so not looking forward to dealing with more administrative junk tomorrow.